﻿<!--#include file="inc/function.asp"--><!--#include file="../inc/config.asp"-->

 <%
on error resume next
'使用mssql数据库
   set conn=server.CreateObject("ADODB.CONNECTION")
   connstr="DRIVER=SQL Server;SERVER="&sqls&";User Id="&datauser&";PASSWORD="&datapass&";DATABASE="&data&""
   conn.open connstr
   
   '使用access数据库

'connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data 'Source="&Server.MapPath(""&accdata&"")
'set conn=server.createobject("ADODB.CONNECTION")
'conn.open connstr
If Err Then
response.Write "连接数据库出错!"
err.Clear
Set conn = Nothing
Response.End
End If
   

username=Checkin(trim(Request.form("username")))
password=Checkin(trim(Request.form("password")))
	  code=request.form("code")

if username="" then
	errmsg="用户名没有输入！"
		call error()
	Response.End 
end if
 if   password="" then
errmsg="密码没有输入！"
	call error()
	Response.End 
end if
if code="" then
errmsg="验证码没有输入！"
	call error()
	Response.End 
response.end
end if
If CStr(Session("GetCode")) <> CStr(code) Then
errmsg="验证码错误！"
		call error()
		response.end
 Else
 codepass = False
 'Session("GetCode")=empty
 End If

set rs=server.createobject("adodb.recordset")
sql="select * from admin where username='"&username&"'and password='"&password&"'"
rs.open sql,conn,1,3
if not rs.EOF then
	rs("LoginTimes")=rs("LoginTimes")+1
	rs("LoginTime")=now()
	rs("LoginIP")=Request.ServerVariables("REMOTE_ADDR")
	rs.Update
	Session("AdminID")=rs("id")
	Session("Adminname")=rs("username")
	Session("IsAdmin")=true
	Session("KEY")=rs("oskey")
    Session.timeout=900
	Response.Cookies("comicsadmin")("usercookies") = usercookies
    Response.Cookies("comicsadmin")("AdminID") = rs("id")
    Response.Cookies("comicsadmin")("Adminname") = rs("username")
    Response.Cookies("comicsadmin")("IsAdmin") = true
    Response.Cookies("comicsadmin")("KEY") = rs("oskey")
	'Response.Redirect ("admin.asp")
	Response.write "<form name=form1 id=form1 action=""../asptoaspx.aspx"" method=post >"
    Response.Write "<input type=hidden name=AdminID value="&Session("AdminID")&">"
    Response.Write "<input type=hidden name=Adminname value="&Session("Adminname")&">"
    Response.Write "<input type=hidden name=IsAdmin value="&Session("IsAdmin")&">"
    Response.Write "<input type=hidden name=KEY value="&Session("KEY")&">"
    Response.Write "<input type=hidden name=flag value=1>"    
    Response.write "</form>"
    Response.write "<scr" + "ipt>form1.submit();</scr" + "ipt>"
else
	errmsg="管理员帐户或密码出错！"
	call error()
	Response.End 
end if
rs.close
set rs=nothing
conn.close
set conn=nothing
%>
